CVE-2018-19878

Published: Jun 19, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered on Teltonika RTU950 R_31.04.89 devices. The application allows a user to login without limitation. For every successful login request, the application saves a session. A user can re-login without logging out, causing the application to store the session in memory. Exploitation of this vulnerability will increase memory use and consume free space.

Affected (1)

Products: Teltonika: Rut950 Firmware

1 product

Rut950 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Rut950 Firmware	Version r_31.04.89

Running on/with	Platform Versions
Teltonika Rut950	All versions

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (4)

https://www.triadsec.com/

Source: cve@mitre.org

Not Applicable

https://www.triadsec.com/CVE-2018-19878.pdf

Source: cve@mitre.org

Broken Link

https://www.triadsec.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://www.triadsec.com/CVE-2018-19878.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.